[Openid-specs-heart] Bi-weekly HEART call starting Nov 6th - update of profiles

Eve Maler eve.maler at forgerock.com
Fri Oct 27 17:23:28 UTC 2017


Open Banking (see the website of its UK government-mandated Implementation
Entity here <https://www.openbanking.org.uk>) is a regulation requiring at
least the UK's biggest nine banks (the "CMA9", CMA standing for Competition
Market Authority) to present a standard set of APIs to foster a payment
initiation and account information application ecosystem, for giving
customers choice. The open APIs in effect disintermediate credit card
issuers and enable the use of bank accounts directly as payment instruments
for things like paying Amazon (as a third-party client app) for buying an
item etc. The OB approach and specs, which work with the OpenID
Foundation's Financial API (FAPI <http://openid.net/wg/fapi/>) WG's specs,
discourage "screen scraping" and encourage the by-now-familiar OAuth and
OpenID Connect pattern of having the client app offer for the user to
identify, and authenticate at, and authorize action through, a service (the
bank). The regulation mandates "SCA", Strong Customer Authentication. The
FAPI profiles are like a much more detailed, thorough, and restrictive
version of the profiles we have put together, targeted at a much more
detailed, specific, and demanding regulatory environment. OB operates in a
broader EU regulatory context, PSD2 (Payment Services Directive 2). There
is currently a "NextGenPSD2" effort being undertaken by The Berlin Group; a
conference <https://www.berlin-group.org/nextgenpsd2-conference-2017> was
held two days ago to start to collect input towards that.


*Eve Maler*
ForgeRock Office of the CTO | VP Innovation & Emerging Technology
Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl

On Fri, Oct 27, 2017 at 8:15 AM, Adrian Gropper <agropper at healthurl.com>
wrote:

> I'm new to Open Banking. Is it related to Distributed Public Ledgers? Can
> someone provide a bit more description and color?
>
> On Fri, Oct 27, 2017 at 7:53 AM, Debbie Bucci <debbucci at gmail.com> wrote:
>
>> Hello Everyone,
>>
>> Now that the fall conferences are winding down and the UMA 2.0 spec is
>> nearing completion, we would like to start up the HEART WG for a few
>> sessions/discussions and see where it might go from there. Given the
>> holiday seasons, starting Nov 6th seems to minimize holiday interruptions.
>>
>> On the short list of topics/potential actions ...
>>
>> 1. Updating the UMA related profiles to reflect UMA 2.0
>> 2. Given recent action of Open Banking and better understanding of the SMART
>> profiles, I do think we missed the mark by not including public clients in
>> the specs. SMART (assumed trusted environment) and Open Banking
>> (probable use by 3rd party API) have different perspectives. Perhaps it
>> referencing/leveraging/aligning with other OpenID Profiles -- FAPI,
>> igov, EAP (?)
>>
>> If you are interested and have other topics - updates to the profile we
>> should consider - please post to the list.
>>
>> Thanks in advance
>>
>> _______________________________________________
>> Openid-specs-heart mailing list
>> Openid-specs-heart at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-heart
>>
>>
>
>
> --
>
> Adrian Gropper MD
>
> PROTECT YOUR FUTURE - RESTORE Health Privacy!
> HELP us fight for the right to control personal health data.
> DONATE: https://patientprivacyrights.org/donate-3/
>